Blade servers are self-contained computer servers configured for high-density computing environments. Blade servers are housed in blade enclosures, which may be configured to hold a plurality of blade servers. The plurality of blade servers and the blade enclosure form a blade server system. In a typical blade server system, each of the blade servers includes individual processors, memory, chipsets, and data storage. For example, each blade server may include one or more hard drives. During operation, each blade server stores data related to the operation of the particular blade server on its associated hard drive. As such, if a failure of one or more of the blade servers occurs, migration of the computer environment of the blade server experiencing the failure requires transfer of all the data stored on the associated hard drive to a hard drive of a replacement blade server. Such data transfer involves large amounts of data and bandwidth resulting in long data migration periods.
This migration process may be further affected when the blade server is used to store sensitive or confidential information. Sensitive or confidential information may be protected using security mechanisms such as encrypting the data and/or making use of security hardware to protect the data from unauthorized access. For example, full disk encryption (or whole disk encryption) is a kind of disk encryption (performed by either software or hardware) which encrypts every bit of data that is stored on a disk. Encryption and decryption keys are bound to the particular hardware device storing the data. Movement of data from one hardware device to another requires decryption of the data, movement of the decrypted data from one hardware device to the other, and then encryption of the data at the new hardware device. This decryption and re-encryption process further slows the migration process from one blade server to another.
A blade server may also include security hardware such as a trusted platform module (TPM). A TPM is a hardware component, typically a microcontroller, which resides within a processing system and provides various facilities and services for enhancing the security of the processing system. A TPM may be implemented in accordance with specifications such as the Trusted Computing Group (TCG) TPM Main Part 1 Design Principles Version 1.2, level 2 revision 103, dated Jul. 9, 2007 (hereinafter the “TPM specification”), which is available from the Internet at www.trustedcomputinggroup.org\home. In accordance with the TCG specification, a TPM stores an endorsement key and a storage root key internally, so that the endorsement and storage root keys are immutably bound to the platform protected by the TPM. Endorsement, storage root keys, and identity attestation keys are not migratable from one platform to another. (See TPM specification, sections 7, 7.1, 11.2, and 11.4.) As a result, the migration of data from one blade server to another is further complicated in an environment using TPM technology.